[Swan] XFRMi Interface route based IPSec with right=%any
ravin.ya90 at gmail.com
Tue Apr 28 23:32:00 UTC 2020
Thank you for your time.
Setting all the connections to "overlapip=yes" did not help. I am still
seeing the same “route already in use” error.
Any other suggestions, or a workaround that might work?
Apr 28 19:13:40.288938: | route owner of "gateway02" 10.11.0.2 unrouted: "gateway01" 10.11.0.1 erouted; eroute owner: "gateway01" 10.11.0.1
Apr 28 19:13:40.288946: "gateway02" 10.11.0.2 #7: cannot route -- route already in use for "gateway01" 10.11.0.1
If I understand correctly the next release (v3.32) will not have the legacy
KLIPS and shall support overlapping IPs. Is there a rollout date for the
Also, if I build the master branch I should not see this issue. Right?
On Tue, Apr 28, 2020 at 6:34 PM Paul Wouters <paul at nohats.ca> wrote:
> On Tue, 28 Apr 2020, Rav Ya wrote:
> > Question: With this configuration, my first tunnel comes up successfully but my second tunnel
> > fails with “route already in use” error?
> That is a bug. Can you try adding overlapip=yes to all connections ?
> > Given that I have two different XFRMi interfaces shouldn’t we allow route (0.0.0.0/0 -> 0.0.0.0/0
> > subnets) for individual XFRMi to run iBGP? What am I missing? Any recommendations please?
> It is because the legacy KLIPS stack did not support overlapping IPsec
> connections. We are about to rip out KLIPS, but got delayed by a few
> releases, so it is still in the last release (although it has been
> ripped out in git master).